external-secrets: OLM OperatorConfig fails to install

This issue would be better created in the external-secrets-helm-operator repo, but Issues don’t seem to be enabled over there. I am trying to install External Secrets via the Operator Hub in OpenShift 4.8.24. I am able to create a subscription and install the operator. However, when trying to create an OperatorConfig using the sample provided in external-secrets/external-secrets-helm-operator, it fails with this error.

failed to install release: rendered manifests contain a resource that already exists. Unable to continue with install: CustomResourceDefinition "clustersecretstores.external-secrets.io" in namespace "" exists and cannot be imported into the current release: invalid ownership metadata; label validation error: missing key "app.kubernetes.io/managed-by": must be set to "Helm"; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "sample"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "external-secrets-operator"

This OperatorConfig fails with the same error as above.

apiVersion: operator.external-secrets.io/v1alpha1
kind: OperatorConfig
metadata:
  annotations:
    meta.helm.sh/release-name: external-secrets
    meta.helm.sh/release-namespace: external-secrets-operator
  name: external-secrets
  namespace: external-secrets-operator
  labels:
    app.kubernetes.io/managed-by: Helm
spec:
  nodeSelector: {}
  imagePullSecrets: []
  podLabels:
    app.kubernetes.io/managed-by: Helm
  resources: {}
  leaderElect: false
  fullnameOverride: ''
  affinity: {}
  prometheus:
    enabled: true
    service:
      port: 8080
  podSecurityContext: {}
  scopedNamespace: ''
  extraArgs: {}
  securityContext: {}
  rbac:
    create: true
  replicaCount: 1
  nameOverride: ''
  serviceAccount:
    annotations: {}
    create: true
    name: ''
  installCRDs: false
  image:
    pullPolicy: IfNotPresent
    repository: ghcr.io/external-secrets/external-secrets
    tag: ''
  tolerations: []
  extraEnv: []
  priorityClassName: ''
  podAnnotations:
    meta.helm.sh/release-name: external-secrets
    meta.helm.sh/release-namespace: external-secrets-operator
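
The error above is raised by an ownership check on the object that already exists in the cluster, here the CRD, so labels and annotations placed on the OperatorConfig or its pods do not change the outcome. The check is sketched below as an added example (not Helm's or the project's code); the CRD dict is a constructed sample, the missing-key wording is copied from the error on this page, and the wording of the mismatch branch is the example's own.

```python
# Added example: re-implements the ownership check the error describes; not Helm's source.
MANAGED_BY = "app.kubernetes.io/managed-by"
RELEASE_NAME = "meta.helm.sh/release-name"
RELEASE_NAMESPACE = "meta.helm.sh/release-namespace"


def _require(kind, meta, key, want):
    """Return one error string if meta[key] is absent or differs from want."""
    if key not in meta:
        return f'{kind} validation error: missing key "{key}": must be set to "{want}"'
    if meta[key] != want:
        # Wording of this branch is this example's own.
        return f'{kind} validation error: key "{key}" is "{meta[key]}", expected "{want}"'
    return None


def ownership_errors(obj, release_name, release_namespace):
    """Check the metadata of the *existing* object against the release being installed."""
    md = obj.get("metadata") or {}
    labels = md.get("labels") or {}
    annotations = md.get("annotations") or {}
    checks = [
        _require("label", labels, MANAGED_BY, "Helm"),
        _require("annotation", annotations, RELEASE_NAME, release_name),
        _require("annotation", annotations, RELEASE_NAMESPACE, release_namespace),
    ]
    return [e for e in checks if e]


# Constructed sample: the CRD as it exists in the cluster, with no Helm metadata.
EXISTING_CRD = {
    "kind": "CustomResourceDefinition",
    "metadata": {"name": "clustersecretstores.external-secrets.io"},
}

# Metadata copied from the second OperatorConfig in the issue.
OPERATOR_CONFIG = {
    "kind": "OperatorConfig",
    "metadata": {
        "name": "external-secrets",
        "labels": {MANAGED_BY: "Helm"},
        "annotations": {RELEASE_NAME: "external-secrets",
                        RELEASE_NAMESPACE: "external-secrets-operator"},
    },
}

if __name__ == "__main__":
    for err in ownership_errors(EXISTING_CRD, "sample", "external-secrets-operator"):
        print(err)
```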

About this issue

  • State: closed
  • Created 2 years ago
  • Reactions: 1
  • Comments: 19 (8 by maintainers)

Most upvoted comments

@knelasevero Yeah, I think that makes sense. Thanks again for the help and for getting this fixed so quickly.

Oh, I missed that one. Gonna do it tomorrow

@knelasevero Thank you for the quick turnaround on this.

I just tried this with OLM for 0.3.11. Works like a charm. Closing the issue. Feel free to re-open in case of any problems!

I can confirm the issue.

I created this PR on the other repo:

https://github.com/external-secrets/external-secrets-helm-operator/pull/1

Will merge soon and after that, I will create the PR on the community_operators repo to point to the new release.

Probably will also release ESO 0.3.11 already as well.

I thought about enabling issues on that repo, but I am now thinking I prefer all issues here on the main repo and organize them by tags. Will bring this up at the next community meeting.

@moolen was the one pushing this forward, and I think he is still on vacation and unavailable, but I can try to have a look. I am a bit unfamiliar with OLM and with the work done with the es-helm-operator. I see we suspect the culprit is the installCRDs: false in the watches.yaml file of that repo. Does anybody have a clue why that is not preventing the operator from fighting with OLM on who manages the CRDs?

I will try to debug this a bit this week.

@wseaton I had previously installed via Helm in another cluster with no issues. We’ve been holding up a production deployment, waiting for the OLM operator. So I was excited to finally get that work off my plate and marked done. I will continue debugging this today.